While bombs rained on Tehran, a different kind of war was unfolding in the digital shadows. And this week, it burst into flames — literally.
Iranian-linked hackers have struck back at the heart of America’s digital infrastructure, with attacks on Amazon Web Services data centers in the UAE and Bahrain causing visible fires and disrupting cloud services across the Gulf, multiple cybersecurity sources confirmed.
The attacks mark a significant escalation in the parallel cyber war that has accompanied the kinetic strikes since February 28. They also raise an unsettling question: if the cloud can burn, what else is vulnerable?
The Digital Battlefield
When US Central Command began posting slick videos of jets and ships striking Iranian targets, they were far less forthcoming about what was happening in cyberspace. Mentions of cyber operations in press conferences and social media posts have been vanishingly rare.
But cyber has indeed played a central role, as CENTCOM commander Admiral Brad Cooper recently hinted: “We continue with strikes into Iran from seabed to space and cyber-space.”
Gen. Dan Caine, chairman of the Joint Chiefs, described how the war was enabled by months, in some cases years, of planning that went into preparing the “target set” for strikes. US and Israeli hackers likely infiltrated key Iranian computer networks — air defenses, military communications, even CCTV cameras — long before any bombs were dropped.
The Financial Times reported that Israel hacked Iran’s traffic and security cameras to create an enormous surveillance network, establishing “patterns of life” for Supreme Leader Ayatollah Ali Khamenei and his commanders in preparation for the strike that killed him.
“Internet-connected cameras offer real-time situational awareness of streets, facilities, and movement at very low cost,” said Sergey Shykevich, threat intelligence expert at Check Point.
Gen. Caine described US Cyber Command and Space Command operatives as the “first movers,” disrupting and “blinding Iran’s ability to see, communicate and respond.” Some commentators suggest mobile phone towers were jammed or shut off to prevent warnings about incoming jets — tactics seen in previous conflicts like Ukraine.
Defense Secretary Pete Hegseth boasted this week that Iranian forces “can’t talk or communicate, let alone mount a coordinated and sustained offensive.”
The Hacked Prayer App
As the first bombs fell, millions of Iranians received a chilling push notification on their phones. It came from BadeSaba, a popular prayer-timing app with 5 million downloads.
The message: “The time of judgment has come.”
Israel is being accused of hacking the app to deliver the apocalyptic warning exactly as the airstrikes began. For Iranians huddled in shelters, the message felt like a sign that nowhere — not even their faith — was beyond reach.
Iran Strikes Back
For days, the cyber world waited for Iran to respond. The nation has long been regarded as a capable cyber power, with a history of devastating attacks, including the 2012 hack of Saudi Aramco that used “wiper” malware to destroy 30,000 computers.
But initially, there was silence. Either Iran had been incapacitated by Israeli strikes, or it was being underestimated.
On Wednesday, the answer came.
The Handala hacking group, linked to Iran, hit medical technology giant Stryker with a wiper malware attack, destroying 56,000 devices and stealing 50 terabytes of data. The attack disrupted operations at the $120 billion company, which provides critical medical equipment to hospitals worldwide.
Then came the cloud strikes. Multiple cybersecurity sources reported that Iranian hackers successfully targeted Amazon Web Services data centers in the UAE and Bahrain, causing physical fires and service disruptions. The attacks mark the first time US “hyperscalers” — the massive cloud infrastructure that underpins much of the internet — have been militarily targeted.
The Fog of Cyberwar
The secrecy surrounding cyber operations is intentional. “If a country openly describes its capabilities or specific operations, it risks revealing techniques, access points, or intelligence sources that could be shut down quickly by adversaries,” said Tal Kollender, a former Israeli military cyber-defense specialist.
“In cyber, the value of a capability often depends on the other side not knowing exactly how it works.”
Despite this, Dr. Louise Marie Hurel from the Royal United Services Institute argues the war has shown that cyber should be discussed alongside conventional action to maintain rules of engagement.
“This is an opportunity for us to have a more public debate regarding the support and strategic advantage cyber provides in broader military campaigns and crisis,” she said. “If cyber is openly acknowledged as integral to the strike package, it can help sharpen the questions about the laws of armed conflict, proportionality, and what counts as a use of force.”
What Comes Next
Iran’s cyber capabilities should not be underestimated, Hurel cautions. “I wouldn’t jump to conclusions regarding Iran as we have seen considerable hacktivist activity, and public reporting has previously shown that patriotic hacker personas have sometimes been used as a facade for state-linked groups.”
Hegseth spoke this week about “hunting for more systems to kill” — a phrase that encompasses both kinetic and cyber targets. Artificial intelligence tools are likely to be heavily employed in this work, identifying vulnerabilities and locating military targets.
“We continue with strikes into Iran from seabed to space and cyberspace,” Cooper said.
